django-rest-auth
django-rest-auth copied to clipboard
"Authentication credentials were not provided." Error occur While access through Postman
"Authentication credentials were not provided." Error occur While access API through Postman
following code is used in Django setting.py file
REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES':( 'rest_framework.authentication.TokenAuthentication', # for browsable api view usage 'rest_framework.authentication.SessionAuthentication', ), 'DEFAULT_PERMISSION_CLASSES': ( 'rest_framework.permissions.IsAuthenticated', ), }
Please recommend a solution for this issue??
Did you actually provide the authentication details?
Can you use some command line tool like HTTPie and provide the output from your request? ( Don't forget to obfuscate any sensitive data)
Hi! The web interface works great however I can not connect using cURL:
Using: REST framework JWT Auth settings: REST_USE_JWT = True
Here trying to log in with cURL $ curl -X POST -d "{"username":"shovel", "email":"[email protected]", "password":"123"}" http://localhost:8000/rest-auth/login/ -v Note: Unnecessary use of -X or --request, POST is already inferred.
- Trying 127.0.0.1...
- TCP_NODELAY set
- Connected to localhost (127.0.0.1) port 8000 (#0)
POST /rest-auth/login/ HTTP/1.1 Host: localhost:8000 User-Agent: curl/7.63.0 Accept: / Content-Length: 71 Content-Type: application/x-www-form-urlencoded
- upload completely sent off: 71 out of 71 bytes < HTTP/1.1 400 Bad Request < Date: Thu, 14 Feb 2019 03:10:41 GMT < Server: WSGIServer/0.2 CPython/3.7.2 < Content-Type: application/json < Vary: Accept, Cookie < Allow: POST, OPTIONS < X-Frame-Options: SAMEORIGIN < Content-Length: 40 <
- Connection #0 to host localhost left intact {"password":["This field is required."]} <---- does not see the password
I tried formatting the data like this also: -d '{"username":"shovel", "email":"[email protected]", "password":"123"}' Got the same result.
Then i tried copying and pasting the returned JWT from the web interface to view the restricted page:
~$ curl -H "Authorization: JWTeyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NzM5NCwiZW1haWwiOiIifQ.FILWdmNJchAwXh3SVdXSKu16YdrgkulaaXtqfsAygSg" -H "Content-Type: application/json" -X GET http://localhost:8000/api_jwt/see-stuff/ -v Note: Unnecessary use of -X or --request, GET is already inferred.
- Trying 127.0.0.1...
- TCP_NODELAY set
- Connected to localhost (127.0.0.1) port 8000 (#0)
GET /api_jwt/see-stuff/ HTTP/1.1 Host: localhost:8000 User-Agent: curl/7.63.0 Accept: / Authorization: JWTeyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJJWT: yLCJ1c2VybmFtZSI6InNob3ZlbCIsImV4cCI6MTU1MDExMzM5NCwiZW1haWwiOiIifQ.FILWdmNJchAwXh3SVdXSKu16YdrgkulaaXtqfsAygSg Content-Type: application/json
< HTTP/1.1 403 Forbidden < Date: Thu, 14 Feb 2019 03:19:56 GMT < Server: WSGIServer/0.2 CPython/3.7.2 < Content-Type: application/json < Vary: Accept, Cookie < Allow: GET, HEAD, OPTIONS < X-Frame-Options: SAMEORIGIN < Content-Length: 58 <
- Connection #0 to host localhost left intact {"detail":"Authentication credentials were not provided."} <--- same thing
In the web console, there is a csrf token and session id in the request header.
Maybe I misunderstood, but I thought that JWT was used instead? We want to go from machine to machine with no web interface. is that possible?
Did You provide the Token parameter in the header?
I have Postman working with JWT. In Headers tab add 'Authorization' as Key and add 'JWT
- you MUST HAVE an space after JWT keyword.
- Use ONLY JSONWebTokenAuthentication. This will guarantee that Django will ignore things that only exists in browsers like session and you can simulate better for mobiles. 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework_jwt.authentication.JSONWebTokenAuthentication', # 'rest_framework.authentication.SessionAuthentication', # 'rest_framework.authentication.BasicAuthentication', ),
You need to authenticate with Token (In your case).
Try this
curl -X GET http://127.0.0.1:8000/api/example/ -H 'Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b'
And read more in the doc
https://www.django-rest-framework.org/api-guide/authentication/
has all details about Authentication and this issue must be closed
Everything was working fine in Local Server, but on production Server I had to make changes in Apache.
@vasantp20 what were the change you made in apache? please describe
After removing the SIMPLE_JWT settings from the Settings.py file, I got the postman and curl to work
SIMPLE_JWT = {
'AUTH_HEADER_TYPES': ('JWT',),
}
Since it is session Login so you need to provide you credentials so do /admin and login later it will work fine
@syedmudaseer and anybody else stumbling on this later on, you need to enable WSGIPassAuthorization in the apache config:
WSGIPassAuthorization On
The proper way to attach a token on postman for simple TokenAuthentication is by going to the Headers tab and adding an "Authorization" key with a value "Token
As pointed to by @dheerajpai in the link: https://www.django-rest-framework.org/api-guide/authentication/
I am just restating it here for clarity.
For postman this is what you need
I was facing the same issue. then went to the admin panel(http://127.0.0.1:8000/admin/) and logged in using superuser credentials. worked for me. Maybe, in my case, you can not access user data without authentication.
Make sure you have WSGIPassAuthorization On
on /wsgi.conf
After removing the SIMPLE_JWT settings from the Settings.py file, I got the postman and curl to work
SIMPLE_JWT = {
'AUTH_HEADER_TYPES': ('JWT',),
}
This works for me. Can anyone explain why?
I have Postman working with JWT. In Headers tab add 'Authorization' as Key and add 'JWT in Values. Notes:
- you MUST HAVE an space after JWT keyword.
- Use ONLY JSONWebTokenAuthentication. This will guarantee that Django will ignore things that only exists in browsers like session and you can simulate better for mobiles. 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication',
),
Thank you very much @nandojve. Using JWT instead of Bearer worked for me
Hi! I tried to use oauth2 authentification with google API for my django framework project. But I don't know where to place access token to be authenticated in my service. I get an error - Authentication credentials were not provided. I think my token just not passed and the server doesn't get it.
So I did:
- created credentials in https://console.developers.google.com/
- got access token in postman (I set http://127.0.0.1:8000/api/accounts/google/login/callback/ as callback URL, set client ID and client secret, auth_url https://accounts.google.com/o/oauth2/auth and auth_access_token_url https://oauth2.googleapis.com/token)
- after getting token, it's automatically set into request header as Authorization
- used endpoint http://127.0.0.1:8000/api/accounts/google/login/?process=login to authenticate
- I also passed CSRF token
- I tried to use 'Token how8fr7hqe9fr3iul2fh' in Authorization header
On finish I get 200 code response (it's HTML file of the google authorization page where I was redirected). Actually I should get code 404 and be redirected to http://localhost:8000/
I tracked all redirections in postman and I saw that I redirected to google auth page (where it suggest me some of my existed accounts), I passed my client id in request and that's it... my needed account is not chosen and I redirected to another endpoint and get 200 code.
Well, I hope somebody understands the topic and help me
"Authentication credentials were not provided." Error occur While access API through Postman
following code is used in Django setting.py file
REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES':( 'rest_framework.authentication.TokenAuthentication', # for browsable api view usage 'rest_framework.authentication.SessionAuthentication', ), 'DEFAULT_PERMISSION_CLASSES': ( 'rest_framework.permissions.IsAuthenticated', ), }
Please recommend a solution for this issue??
**I did have the same issue with token access.
In Curl its is working with string with " " not with single ''
I tried with same
curl http://127.0.0.1:8000/api/blog/1/ -H "Authorization: Token c63fe7a5286109841e7d25fbc7f9413e9483897b" Hope it work for you **
I am getting the same issue, I've tried everything?! I am unable to log into /admin as a superuser as I have a custom API login but I doubt that should matter. I am getting:
403 Forbidden "detail": "Authentication credentials were not provided."